The Worst Passwords of 2016

By Paul Ausick Updated Jan 12, 3:35PM EST · Published Jan 24, 12:05PM EST

Follow 24/7 Wall St. on Google

This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive compensation for actions taken through them.

The Worst Passwords of 2016 — © Thinkstock

[cnxvideo id=”655414″ placement=”ros”]Ever since the dawn of the personal computer age, users have had to create, remember and type in a password to do at least something with the machine in front of them. Because most of us already have plenty of other things to think about and remember, those passwords were often almost ludicrously simple, like “password” or “1234” or … you get the idea.

Some 30 years later, a lot of us do the same thing, even though we should know better by now. More than 37 million records were exposed in data breaches last year in the United States. That number represents records stolen from the business and government sector, and by an estimate from security application provider SplashData, includes more than 5 million individual password records.

There were plenty of examples of poor password choice to pick from last year, but the break-in at the Democratic National Committee was probably the poster child. An easily breakable password used by Hillary Clinton’s campaign manager John Podesta led to a hacking attack against the group’s systems that resulted in the loss of thousands of passwords and hundreds of thousands of emails.

[nativounit]

The loss of billions of online credentials (usernames and passwords) in 2016 has led to an increase in a hacking attack known as credential stuffing, where credentials stolen from one website are gathered into a massive file that then enters the credentials one at a time into a different website’s login screen. Hackers’ success rates are barely 2%, but it doesn’t have to be very high — from a million stolen credentials, 20,000 accounts could be compromised.

What to do? Last October we looked at how to guard against identity theft. Near the top of the list is a recommendation to create strong passwords. Similarly, if you purchase a new device that is network connectable (the so-called Internet of Things), it is critical to change the default password that comes pre-installed.

And if you want those passwords to be hard for thieves to figure out, don’t use one of these, the 10 worst passwords of 2016:

123456
password
123435
12345678
football
qwerty
1234567890
1234567
princess
1234

Security website Darkreading has more details and an additional 15 passwords you should avoid.

[wallst_email_signup]

About the Author Paul Ausick →

Paul Ausick has been writing for a673b.bigscoots-temp.com for more than a decade. He has written extensively on investing in the energy, defense, and technology sectors. In a previous life, he wrote technical documentation and managed a marketing communications group in Silicon Valley.

He has a bachelor's degree in English from the University of Chicago and now lives in Montana, where he fishes for trout in the summer and stays inside during the winter.